webber@brandx.rutgers.edu (Webber) (02/12/88)
In article <8802080327.AA02920@jiff>, gsmith@BRAHMS.BERKELEY.EDU writes:
>
> If anyone feels strongly enough about protection against
> forgeries, one system which does not involve any fixes by anyone

Hmmm. I think you wasted this posting it to news.admin. The people in sci.crypt should have much more fun with it (usually all they hear about is people who want to use keys as seeds to pseudorandom number generators and xor the result with their messages).

> but the user himself is to post a large number which is the
> product of two large enough (say, ~10^30) primes or pseudoprimes.
> In any subsequent article you wish to authenticate, you give a
> pointer to the previous article and the factorization. Then you
> supply a new composite number.

Of course a faked cancel message can be used to steal your factorization from you and be used against you. Indeed, if someone cancels a message that you try to authenticate off of, shouldn't everyone deduce that you are the forgery?

> I admit it is sort of goofy, but it could easily be automated
> (maybe when Matthew Wiener gets back I will ask if he wants to
> put it in "gnews", the posting program he is developing.)

Actually, I think the biggest weakness is in the ``easily automated.'' Once you start generating your random factors automatically, the search space for factorization narrows considerably. As to how much effort people would be willing to put into breaking your scheme. The more effort you put into making your communications reliable, the more ``value'' there is in faking a communication. Then there is always the question of how many people will bother to verify your authentication message. By the time it becomes an issue that they are curious about, it may have already expired on their machine (if it hadn't already been fake-cancelled by whoever is challenging its followup).

---- BOB (webber@athos.rutgers.edu ; rutgers!athos.rutgers.edu!webber)
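The scheme quoted in this post and the cancellation problem raised against it, as an added example that is not part of the original thread: a reader-side check of one link in the factorization chain. The `Article` layout, the message IDs, the status strings and the sample numbers are all assumptions made for illustration.

```python
# Added illustration of the quoted scheme; names and article layout are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

@dataclass
class Article:
    msg_id: str
    composite: int                             # new N = p*q published here
    ref: Optional[str] = None                  # pointer to the previous article
    factors: Optional[Tuple[int, int]] = None  # factorization of ref's composite

def verify(article: Article, spool: Dict[str, Article]) -> str:
    """Check one link of the chain against the reader's local spool."""
    if article.ref is None:
        return "root"                # first article: nothing earlier to open
    prev = spool.get(article.ref)
    if prev is None:
        return "unverifiable"        # referenced article cancelled or expired
    if article.factors is None:
        return "forged"
    p, q = article.factors
    # Reject the trivial split 1 * N, which anyone can produce.
    if p > 1 and q > 1 and p * q == prev.composite:
        return "authentic"
    return "forged"

# Constructed sample values. Mersenne primes keep the example free of a prime
# generator; a real poster needs secret random primes, never well-known ones.
M61, M89, M107, M127 = (2**e - 1 for e in (61, 89, 107, 127))
FIRST = Article("<1@site>", composite=M89 * M107)
FOLLOWUP = Article("<2@site>", composite=M61 * M127, ref="<1@site>", factors=(M89, M107))
FORGERY = Article("<3@site>", composite=15, ref="<1@site>", factors=(1, M89 * M107))

def run_demo() -> Dict[str, str]:
    spool = {FIRST.msg_id: FIRST}
    results = {
        "followup": verify(FOLLOWUP, spool),
        "forgery": verify(FORGERY, spool),
    }
    del spool[FIRST.msg_id]          # a (possibly faked) cancel removes the anchor
    results["followup_after_cancel"] = verify(FOLLOWUP, spool)
    return results

if __name__ == "__main__":
    print(run_demo())
```

Once the referenced article is gone from the spool, the genuine follow-up can no longer be told apart from a forgery: the check has nothing to multiply against.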